Details of VAR-201801-0151

ID

VAR-201801-0151

CVE

CVE-2017-16724

TITLE

Advantech WebAccess Buffer error vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2017-011795 // CNNVD: CNNVD-201801-242

DESCRIPTION

A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. Advantech WebAccess Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of the command line in the bwscrp utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. versions prior to Advantech WebAccess 8.3 are vulnerable

Trust: 10.8

sources: NVD: CVE-2017-16724 // JVNDB: JVNDB-2017-011795 // ZDI: ZDI-18-060 // ZDI: ZDI-18-051 // ZDI: ZDI-18-043 // ZDI: ZDI-18-041 // ZDI: ZDI-18-049 // ZDI: ZDI-18-044 // ZDI: ZDI-18-054 // ZDI: ZDI-18-058 // ZDI: ZDI-18-047 // ZDI: ZDI-18-025 // ZDI: ZDI-18-061 // ZDI: ZDI-18-053 // ZDI: ZDI-18-050 // CNVD: CNVD-2018-00671 // BID: 102424 // IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1 // CNVD: CNVD-2018-00671

AFFECTED PRODUCTS

vendor:	advantech	model:	webaccess	scope:	-	version:	-	Trust: 9.1
vendor:	advantech	model:	webaccess	scope:	lt	version:	8.3	Trust: 2.4
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.1	Trust: 0.9
vendor:	advantech	model:	webaccess	scope:	eq	version:	7.2	Trust: 0.9
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.0	Trust: 0.6
vendor:	advantech	model:	webaccess 8.2 20170330	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8.2	Trust: 0.3
vendor:	advantech	model:	webaccess 8.1 20160519	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess 8.0 20150816	scope:	-	version:	-	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	eq	version:	8	Trust: 0.3
vendor:	advantech	model:	webaccess	scope:	ne	version:	8.3	Trust: 0.3
vendor:	webaccess	model:	-	scope:	eq	version:	*	Trust: 0.2

sources: IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1 // ZDI: ZDI-18-044 // ZDI: ZDI-18-050 // ZDI: ZDI-18-053 // ZDI: ZDI-18-061 // ZDI: ZDI-18-025 // ZDI: ZDI-18-047 // ZDI: ZDI-18-058 // ZDI: ZDI-18-060 // ZDI: ZDI-18-054 // ZDI: ZDI-18-049 // ZDI: ZDI-18-041 // ZDI: ZDI-18-043 // ZDI: ZDI-18-051 // CNVD: CNVD-2018-00671 // BID: 102424 // JVNDB: JVNDB-2017-011795 // CNNVD: CNNVD-201801-242 // NVD: CVE-2017-16724

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2017-16724
value:	HIGH
Trust: 8.4
nvd@nist.gov:	CVE-2017-16724
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2017-16724
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2017-16724
value:	MEDIUM
Trust: 0.7
CNVD:	CNVD-2018-00671
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201801-242
value:	CRITICAL
Trust: 0.6
IVD:	e2e0e08f-39ab-11e9-b1d1-000c29342cb1
value:	CRITICAL
Trust: 0.2

ZDI:	CVE-2017-16724
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 8.4
nvd@nist.gov:	CVE-2017-16724
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
ZDI:	CVE-2017-16724
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.7
CNVD:	CNVD-2018-00671
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	e2e0e08f-39ab-11e9-b1d1-000c29342cb1
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

nvd@nist.gov:	CVE-2017-16724
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1 // ZDI: ZDI-18-044 // ZDI: ZDI-18-050 // ZDI: ZDI-18-053 // ZDI: ZDI-18-061 // ZDI: ZDI-18-025 // ZDI: ZDI-18-047 // ZDI: ZDI-18-058 // ZDI: ZDI-18-060 // ZDI: ZDI-18-054 // ZDI: ZDI-18-049 // ZDI: ZDI-18-041 // ZDI: ZDI-18-043 // ZDI: ZDI-18-051 // CNVD: CNVD-2018-00671 // JVNDB: JVNDB-2017-011795 // CNNVD: CNNVD-201801-242 // NVD: CVE-2017-16724

PROBLEMTYPE DATA

problemtype:	CWE-119	Trust: 1.8
problemtype:	CWE-121	Trust: 1.0

sources: JVNDB: JVNDB-2017-011795 // NVD: CVE-2017-16724

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-242

TYPE

Buffer error

Trust: 0.8

sources: IVD: e2e0e08f-39ab-11e9-b1d1-000c29342cb1 // CNNVD: CNNVD-201801-242

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011795

PATCH

title:	Advantech has issued an update to correct this vulnerability.	url:	https://ics-cert.us-cert.gov/advisories/ICSA-18-004-02	Trust: 9.1
title:	Advantech WebAccess	url:	http://www.advantech.com/industrial-automation/webaccess	Trust: 0.8
title:	Patch for Advantech WebAccess Stack Buffer Overflow Vulnerability (CNVD-2018-00671)	url:	https://www.cnvd.org.cn/patchInfo/show/113123	Trust: 0.6
title:	Advantech WebAccess Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77553	Trust: 0.6

sources: ZDI: ZDI-18-044 // ZDI: ZDI-18-050 // ZDI: ZDI-18-053 // ZDI: ZDI-18-061 // ZDI: ZDI-18-025 // ZDI: ZDI-18-047 // ZDI: ZDI-18-058 // ZDI: ZDI-18-060 // ZDI: ZDI-18-054 // ZDI: ZDI-18-049 // ZDI: ZDI-18-041 // ZDI: ZDI-18-043 // ZDI: ZDI-18-051 // CNVD: CNVD-2018-00671 // JVNDB: JVNDB-2017-011795 // CNNVD: CNNVD-201801-242

EXTERNAL IDS

db:	NVD	id:	CVE-2017-16724	Trust: 12.6
db:	BID	id:	102424	Trust: 2.5
db:	ICS CERT	id:	ICSA-18-004-02	Trust: 1.9
db:	CNVD	id:	CNVD-2018-00671	Trust: 0.8
db:	CNNVD	id:	CNNVD-201801-242	Trust: 0.8
db:	ICS CERT	id:	ICSA-18-004-02A	Trust: 0.8
db:	JVNDB	id:	JVNDB-2017-011795	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-5045	Trust: 0.7
db:	ZDI	id:	ZDI-18-044	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5052	Trust: 0.7
db:	ZDI	id:	ZDI-18-050	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5054	Trust: 0.7
db:	ZDI	id:	ZDI-18-053	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5064	Trust: 0.7
db:	ZDI	id:	ZDI-18-061	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-4993	Trust: 0.7
db:	ZDI	id:	ZDI-18-025	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5048	Trust: 0.7
db:	ZDI	id:	ZDI-18-047	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5061	Trust: 0.7
db:	ZDI	id:	ZDI-18-058	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5063	Trust: 0.7
db:	ZDI	id:	ZDI-18-060	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5055	Trust: 0.7
db:	ZDI	id:	ZDI-18-054	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5050	Trust: 0.7
db:	ZDI	id:	ZDI-18-049	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5042	Trust: 0.7
db:	ZDI	id:	ZDI-18-041	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5044	Trust: 0.7
db:	ZDI	id:	ZDI-18-043	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-5051	Trust: 0.7
db:	ZDI	id:	ZDI-18-051	Trust: 0.7
db:	IVD	id:	E2E0E08F-39AB-11E9-B1D1-000C29342CB1	Trust: 0.2

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-18-004-02	Trust: 11.0
url:	http://www.securityfocus.com/bid/102424	Trust: 2.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16724	Trust: 0.8
url:	https://ics-cert.us-cert.gov/advisories/icsa-18-004-02a	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16724	Trust: 0.8
url:	http://webaccess.advantech.com	Trust: 0.3

sources: ZDI: ZDI-18-044 // ZDI: ZDI-18-050 // ZDI: ZDI-18-053 // ZDI: ZDI-18-061 // ZDI: ZDI-18-025 // ZDI: ZDI-18-047 // ZDI: ZDI-18-058 // ZDI: ZDI-18-060 // ZDI: ZDI-18-054 // ZDI: ZDI-18-049 // ZDI: ZDI-18-041 // ZDI: ZDI-18-043 // ZDI: ZDI-18-051 // CNVD: CNVD-2018-00671 // BID: 102424 // JVNDB: JVNDB-2017-011795 // CNNVD: CNNVD-201801-242 // NVD: CVE-2017-16724

CREDITS

Steven Seeley (mr_me) of Offensive Security

Trust: 9.1

SOURCES

db:	IVD	id:	e2e0e08f-39ab-11e9-b1d1-000c29342cb1
db:	ZDI	id:	ZDI-18-044
db:	ZDI	id:	ZDI-18-050
db:	ZDI	id:	ZDI-18-053
db:	ZDI	id:	ZDI-18-061
db:	ZDI	id:	ZDI-18-025
db:	ZDI	id:	ZDI-18-047
db:	ZDI	id:	ZDI-18-058
db:	ZDI	id:	ZDI-18-060
db:	ZDI	id:	ZDI-18-054
db:	ZDI	id:	ZDI-18-049
db:	ZDI	id:	ZDI-18-041
db:	ZDI	id:	ZDI-18-043
db:	ZDI	id:	ZDI-18-051
db:	CNVD	id:	CNVD-2018-00671
db:	BID	id:	102424
db:	JVNDB	id:	JVNDB-2017-011795
db:	CNNVD	id:	CNNVD-201801-242
db:	NVD	id:	CVE-2017-16724

LAST UPDATE DATE

2024-09-15T22:52:14.180000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-18-044	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-050	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-053	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-061	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-025	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-047	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-058	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-060	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-054	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-049	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-041	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-043	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-051	date:	2018-01-05T00:00:00
db:	CNVD	id:	CNVD-2018-00671	date:	2018-01-10T00:00:00
db:	BID	id:	102424	date:	2018-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-011795	date:	2018-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201801-242	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2017-16724	date:	2019-10-09T23:25:14.830

SOURCES RELEASE DATE

db:	IVD	id:	e2e0e08f-39ab-11e9-b1d1-000c29342cb1	date:	2018-01-10T00:00:00
db:	ZDI	id:	ZDI-18-044	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-050	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-053	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-061	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-025	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-047	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-058	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-060	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-054	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-049	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-041	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-043	date:	2018-01-05T00:00:00
db:	ZDI	id:	ZDI-18-051	date:	2018-01-05T00:00:00
db:	CNVD	id:	CNVD-2018-00671	date:	2018-01-10T00:00:00
db:	BID	id:	102424	date:	2018-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2017-011795	date:	2018-01-26T00:00:00
db:	CNNVD	id:	CNNVD-201801-242	date:	2018-01-08T00:00:00
db:	NVD	id:	CVE-2017-16724	date:	2018-01-05T08:29:00.347